public void a_limited_user_CAN_send_and_receive_messages_on_existing_routes()
{
// Admin connection to make the routing
_messaging.CreateDestination <IMetadataFile>("test_permissions", Expires.Never);
// Limited user to use it
var credentials = _query.GetLimitedUser("test_permissions");
// connect using the limited user
var config = new MessagingBaseConfiguration()
.WithDefaults()
.WithConnection(ConfigurationHelpers.RabbitMqConnectionWithConfigSettingsAndCustomCredentials(
credentials.UserName,
credentials.Password
));
var limitedConn = config.GetMessagingBase();
// Do a round-trip on the limited account with the admin's routing
limitedConn.SendMessage(new SuperMetadata {
Contents = "Hello"
});
var result = limitedConn.GetMessage <IMetadataFile>("test_permissions");
// Check it worked
Assert.That(result, Is.Not.Null, "Message did not get through");
Assert.That(result.Contents, Is.EqualTo("Hello"), "Got the wrong message");
_query.DeleteUser(credentials);
}
public void a_limited_user_can_NOT_add_routing()
{
var credentials = _query.GetLimitedUser("test_permissions");
var config = new MessagingBaseConfiguration()
.WithDefaults()
.WithConnection(ConfigurationHelpers.RabbitMqConnectionWithConfigSettingsAndCustomCredentials(
credentials.UserName,
credentials.Password
));
var limitedConn = config.GetMessagingBase();
bool ok = false;
try {
// Should not be able to do this:
limitedConn.CreateDestination <IMetadataFile>("test_permissions", Expires.Never);
} catch (Exception ex) {
Console.WriteLine(ex);
ok = ex.Message.Contains("ACCESS_REFUSED");
}
_query.DeleteUser(credentials);
Assert.That(ok, Is.True, "Create destination passed, but should have been blocked");
}
public void a_limited_user_can_NOT_delete_an_existing_destination()
{
// Admin connection to make the routing
_messaging.CreateDestination <IMetadataFile>("test_permissions", Expires.Never);
// Limited user to use it
var credentials = _query.GetLimitedUser("test_permissions");
var limitedConn = ConfigurationHelpers.RabbitMqConnectionWithConfigSettingsAndCustomCredentials(
credentials.UserName,
credentials.Password
);
bool ok = false;
try
{
limitedConn.WithChannel(conn => conn.QueueDelete("test_permissions", false, false));
}
catch (Exception ex)
{
Console.WriteLine(ex);
ok = ex.Message.Contains("ACCESS_REFUSED");
}
_query.DeleteUser(credentials);
Assert.That(ok, Is.True, "QueueDelete passed, but should have been blocked");
}
